Please describe your use case / problem.
In my case and other typical scenarios, backend generates certificates so decryption and authorization needs to be done at backend instead of SSL termination at proxy.
Describe the solution you'd like
Ambassador should support SSL passthrough mode where proxy only does lookup into ClientHello (for SNI etc) message and forwards the encrypted TCP message to backend.
Additional context
Reference:
Thanks! A PR for this would be welcome.
This should be addressed with TCP support in 0.51.
@richarddli can you point me to documentation or examples of what the author was asking for? I am trying to do exactly this, but TLS continues to terminate at ambassador when a TLSContext defines a host which matches my SNI, not caring whether or not a Mapping or TCPMapping exists
Just following on @texascloud's comment above, I would also be interested on how to configure the TLS passthrough, and as a follow-up whether the features that are available through Ambassador such as rewrite rules would also be available on TLS passthrough